diff options
Diffstat (limited to 'kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml')
-rw-r--r-- | kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml new file mode 100644 index 0000000000..2a89c4b9e3 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml @@ -0,0 +1,60 @@ +{{- if or .Values.serviceAccount.enabled -}} +{{- $fullName := include "oauth2-proxy.fullname" . -}} +{{- $saName := include "oauth2-proxy.serviceAccountName" . -}} +{{- $name := include "oauth2-proxy.name" . -}} +{{- $namespace := include "oauth2-proxy.namespace" $ -}} +{{- $labels := include "oauth2-proxy.labels" . -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app: {{ $name }} +{{- $labels | indent 4 }} + name: {{ $saName }} + namespace: {{ $namespace }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-watch-redis + namespace: {{ $namespace }} + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + resourceNames: + - "{{ include "oauth2-proxy.redis.fullname" . }}-master-0" + verbs: + - get + - list + - watch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $saName }}-watch-redis + namespace: {{ $namespace }} + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ $saName }} + apiGroup: "" +roleRef: + kind: Role + name: {{ $fullName }}-watch-redis + apiGroup: "" +{{- end -}} +{{- end -}} |